Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

XP Security 2011


  • Please log in to reply

#1
Tiniman012

Tiniman012

    New Member

  • Member
  • Pip
  • 9 posts
edit: After 8+ attempts using malwarebytes, I think it finally worked. Had downloaded/updated and ran before but this time it found a lot more infections and haven't seen it reappear.

I've attempted to download scanners from a clean PC as well as use Malwarebytes (have always had it downloaded) in safe mode to clean when I couldn't run it actively. It has found the malware many times, but it has always returned when I restart my computer.

I believe I got it opening up a site which I expected to be safe (googling reviews for a product). Site opened, slowly loaded and then Firefox crashed and subsequently had the security suite pop up. Immediately realized it was rogueware, but initial malwarebytes did nothing. Had renamed Malwarebytes "The Install" but later realized you just had to change to .com.


OTL logfile created on: 5/18/2011 12:15:40 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner.YOUR-1BC968E400\Desktop\Fix
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.75 Gb Total Space | 141.30 Gb Free Space | 61.77% Space Free | Partition Type: NTFS
Drive D: | 4.12 Gb Total Space | 2.39 Gb Free Space | 57.91% Space Free | Partition Type: FAT32

Computer Name: YOUR-1BC968E400 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/18 00:14:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Desktop\Fix\OTL.exe
PRC - [2011/05/17 23:51:27 | 000,216,937 | -HS- | M] () -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Local Settings\Application Data\rhl.exe
PRC - [2011/05/10 19:57:55 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/12/20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/09/24 05:15:13 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/05/12 17:08:48 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2004/07/03 00:36:58 | 001,432,576 | ---- | M] (Cisco Linksys Corporation) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe
PRC - [2004/02/06 22:56:14 | 000,041,025 | ---- | M] (GEMTEKS) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe


========== Modules (SafeList) ==========

MOD - [2011/05/18 00:14:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Desktop\Fix\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WUSB54Gv4SVC)
SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 21:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006/05/12 17:08:48 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/09/02 17:49:06 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pneteth.sys -- (pneteth)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Local Settings\temp\SAS_SelfExtract\saskutil.sys -- (SASKUTIL)
DRV - [2010/02/17 16:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2010/02/17 16:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Local Settings\temp\SAS_SelfExtract\sasdifsv.sys -- (SASDIFSV)
DRV - [2006/11/02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/09/28 15:32:14 | 000,009,472 | ---- | M] (June Fabrics Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pnetmdm.sys -- (pnetmdm)
DRV - [2006/05/12 17:06:44 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/09/26 18:07:00 | 003,644,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/09/23 17:26:40 | 001,094,751 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/07/29 20:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 20:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/09 18:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/11/10 20:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/11/10 20:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/05/26 14:53:40 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/05/07 13:47:10 | 000,079,616 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (WUSB54GV4SRV)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 16:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..browser.search.param.yahoo-fr: "w3i&type=W3i_DS,157,0_0,Search,20110414,6902,0,16,0"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Firefox\Extensions\\{6F5628A3-BD63-45AA-B417-5336E006762F}: C:\Documents and Settings\Owner.YOUR-1BC968E400\Local Settings\Application Data\{6F5628A3-BD63-45AA-B417-5336E006762F}\ [2011/05/10 18:03:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/17 20:56:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/10 19:58:08 | 000,000,000 | ---D | M]

[2008/08/25 16:58:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Application Data\Mozilla\Extensions
[2011/05/17 00:29:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Application Data\Mozilla\Firefox\Profiles\cvyi0o8h.default\extensions
[2010/05/03 19:51:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Application Data\Mozilla\Firefox\Profiles\cvyi0o8h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/04 15:39:33 | 000,000,000 | ---D | M] ("Athena") -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Application Data\Mozilla\Firefox\Profiles\cvyi0o8h.default\extensions\{405e2f6c-b9b8-4515-a69c-e375d7156c86}
[2011/05/10 18:53:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/22 22:47:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/13 21:22:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-1BC968E400\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CVYI0O8H.DEFAULT\EXTENSIONS\{27C60876-B5C9-4335-B4F3-52B26782220C}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-1BC968E400\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\CVYI0O8H.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011/05/10 18:03:47 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-1BC968E400\LOCAL SETTINGS\APPLICATION DATA\{6F5628A3-BD63-45AA-B417-5336E006762F}
[2009/07/25 12:50:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/10 19:57:54 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/05/10 19:57:59 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/10 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110517205604.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\The Install\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WUSB54Gv4] C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10h_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Owner.YOUR-1BC968E400\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
O4 - Startup: C:\Documents and Settings\Owner.YOUR-1BC968E400\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} http://support.f-sec...m/ols/fscax.cab (F-Secure Online Scanner 3.1)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.3.102.cab (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.YOUR-1BC968E400\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.YOUR-1BC968E400\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f65d2824-b2ef-11de-8043-001217875447}\Shell - "" = AutoRun
O33 - MountPoints2\{f65d2824-b2ef-11de-8043-001217875447}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f65d2824-b2ef-11de-8043-001217875447}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Owner.YOUR-1BC968E400\Local Settings\Application Data\rhl.exe" -a "%1" %* ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Owner.YOUR-1BC968E400\Local Settings\Application Data\rhl.exe" -a "%1" %* ()

========== Files/Folders - Created Within 30 Days ==========

[2011/05/18 00:09:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/18 00:09:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/18 00:09:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/18 00:09:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/17 23:55:49 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Desktop\mbam-setup.com
[2011/05/17 23:49:45 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Desktop\The Install.exe
[2011/05/17 23:44:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/05/17 20:45:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Application Data\SUPERAntiSpyware.com
[2011/05/17 20:45:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/17 00:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\The Install
[2011/05/17 00:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\The Install
[2011/05/10 18:03:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Local Settings\Application Data\{6F5628A3-BD63-45AA-B417-5336E006762F}
[2011/04/24 00:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Application Data\U3
[2006/09/06 11:34:37 | 042,343,200 | ---- | C] (NVIDIA Corporation ) -- C:\Program Files\91.47_forceware_winxp2k_english_whql.exe

========== Files - Modified Within 30 Days ==========

[2011/05/18 00:11:00 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/17 23:56:15 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Desktop\mbam-setup.com
[2011/05/17 23:53:25 | 000,011,904 | -HS- | M] () -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Local Settings\Application Data\h355m4tfgk12ar0321wiru
[2011/05/17 23:53:25 | 000,011,904 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\h355m4tfgk12ar0321wiru
[2011/05/17 23:51:27 | 000,216,937 | -HS- | M] () -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Local Settings\Application Data\rhl.exe
[2011/05/17 23:46:33 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/17 23:44:30 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/05/17 23:44:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/17 23:44:19 | 2011,746,304 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/17 23:37:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/17 17:56:20 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Desktop\rkill.com
[2011/05/17 01:06:22 | 000,013,972 | -HS- | M] () -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Local Settings\Application Data\06q76178cr6pbn36hy6n5
[2011/05/17 01:06:22 | 000,013,972 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\06q76178cr6pbn36hy6n5
[2011/05/12 19:57:28 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Desktop\The Install.exe
[2011/05/12 17:53:39 | 000,000,279 | RHS- | M] () -- C:\boot.ini
[2011/05/10 20:19:07 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/10 18:03:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ymezamujoyexam.bin
[2011/05/10 18:03:48 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Yreseh.dat
[2011/05/09 16:43:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/06 17:15:00 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,011,168 | -H-- | C] () -- C:\WINDOWS\System32\waseniva
[2011/05/18 00:11:00 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/17 23:51:29 | 000,011,904 | -HS- | C] () -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Local Settings\Application Data\h355m4tfgk12ar0321wiru
[2011/05/17 23:51:29 | 000,011,904 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\h355m4tfgk12ar0321wiru
[2011/05/17 23:51:27 | 000,216,937 | -HS- | C] () -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Local Settings\Application Data\rhl.exe
[2011/05/17 20:27:03 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Desktop\rkill.com
[2011/05/17 20:23:50 | 2011,746,304 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/11 22:17:00 | 000,013,972 | -HS- | C] () -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Local Settings\Application Data\06q76178cr6pbn36hy6n5
[2011/05/11 22:17:00 | 000,013,972 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\06q76178cr6pbn36hy6n5
[2011/05/10 19:58:13 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/10 18:03:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ymezamujoyexam.bin
[2011/05/10 18:03:48 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Yreseh.dat
[2010/08/06 13:31:07 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/06/20 14:08:05 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/12 20:53:15 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/10/13 11:50:15 | 000,062,768 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/11 16:52:54 | 000,157,219 | ---- | C] () -- C:\WINDOWS\hphins26.dat
[2009/10/11 16:52:54 | 000,000,787 | ---- | C] () -- C:\WINDOWS\hphmdl26.dat
[2008/11/15 16:04:00 | 003,064,736 | ---- | C] () -- C:\Program Files\ventrilo-3.0.4-Windows-i386.exe
[2008/06/10 13:38:18 | 003,103,150 | ---- | C] () -- C:\Program Files\WRT54GV4.0_4.21.1_US_code.zip
[2008/01/04 04:12:24 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/10/15 18:09:36 | 000,002,098 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Application Data\wklnhst.dat
[2007/10/09 14:14:38 | 015,040,757 | ---- | C] () -- C:\Program Files\VSE80iLEN.zip
[2006/11/26 22:46:37 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/11/26 22:46:37 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/11/26 22:46:37 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/11/13 23:13:15 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/07 14:21:01 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-1BC968E400\Local Settings\Application Data\fusioncache.dat
[2006/08/21 13:53:53 | 000,002,197 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/08/21 02:30:46 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/21 02:27:28 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/08/21 00:41:49 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2006/08/21 00:41:36 | 000,001,736 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2006/05/12 17:09:06 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/05/12 17:05:55 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/05/12 17:05:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/05/12 17:04:46 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2006/05/12 17:04:40 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/05/12 17:04:23 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/05/12 16:59:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/12 15:37:59 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/05/12 15:37:58 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/05/12 15:37:58 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/05/12 15:37:56 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/05/12 15:37:55 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/12 15:37:55 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/05/12 15:37:55 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/05/12 15:37:55 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/05/12 15:37:52 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/05/12 15:37:51 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2005/08/06 01:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/12 13:38:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/12 12:51:23 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2005/01/09 21:17:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/09 21:07:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/09 19:49:16 | 000,001,220 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/09 19:49:16 | 000,000,493 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/01/09 19:48:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/01/09 19:48:21 | 000,444,794 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/01/09 19:48:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/01/09 19:48:21 | 000,072,544 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/09 19:48:21 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/01/09 19:48:20 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/09 19:48:18 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/01/09 19:48:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/01/09 19:48:07 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/01/09 19:48:07 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/01/09 19:48:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/01/09 19:47:52 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/01/09 13:00:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/09 12:59:39 | 000,296,456 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Alternate Data Streams ==========

@Alternate Data Stream - 339 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF

< End of report >

Edited by Tiniman012, 18 May 2011 - 11:09 AM.

  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP